The value of data science in security

Data science is no longer just another
business domain that security needs to harden and protect: it is becoming a
core function of security itself.

This is a major change compared to even two
years ago.

Consider the Australian government’s 2016 cyber security strategy, which pointed to
the role that security would play in helping businesses properly harness big data.

To “fully realise” big data - and hence data
science - opportunities, “these technologies and
the infrastructure on which they operate must be trusted”, the government
noted. “Strong cyber security will enable this.”

Likewise, Data61 - whose mission is “to
create Australia’s data driven future” - indicated around the same time that it would not be able
to achieve that vision without addressing “national challenges around cyber
security.”

In both cases, security was seen as an input
or ingredient needed to allow businesses to step towards a data-driven future.

This is true - but the tables can also be
turned. Security has a data-driven future of its own to achieve, in which data
science is the essential ingredient needed to enable security organisations to
achieve success in this domain.

One of the most commonly cited examples of
data science for security purposes comes from the banking and insurance
industry. There, data science brings together a combination of analytics and
machine learning to detect fraudulent transactions.

By scanning various datasets relating to
user and network behaviour, companies can detect anomalies and either respond
or generate an alert – prioritised according to threat level – for security
professionals to investigate further.

This basic premise can be put to work for countless security applications:
detecting attempted intrusions on a company network, identifying users acting
against corporate policies, or managing risk.

Thanks to machine learning, models and
algorithms can be refined further over their lifetime – reflecting changes in
staff behaviour, alterations in the technology using the network, or evolution
in the threat landscape – to reduce the number of unnecessary alerts that staff
are called on to look into.

However, as with any data science project, those in security can only advance
with the right fuel – the appropriate data. With the falling cost of storing
data and the increasing ease of gathering it, businesses may succumb to the
temptation of collecting as much information as possible and holding on to it
for as long as they can.

With the advent of GDPR focusing minds on
issues of data and consent, businesses may choose to examine how much of what
they accumulate and keep is really necessary.

In security, too much data can make it
difficult to validate use cases for data science. While you can never have
enough data to perform predictive analytics on, data science for security tends
to be a lot more focused. When searching for patterns and anomalies, it may pay
to do so on a smaller sample of data.

Structurally, how data science is applied in
the infosec domain is still an open question.

While larger companies may now be
investigating data science or have already set up a practice within the
organisation, only a small proportion will have a dedicated security wing. This
is likely to be because the jury's still out on whether data science should be
a centralised or line-of-business set-up.

However, data science has a lot to offer the IT department, whichever
department it reports into. One of the key advantages of well-deployed data
science is that it typically focuses on demonstrating the
business value of its projects, leaving the board in no doubt as to their return
on investment – and giving those in the IT department valuable
ammunition when asking for more funding.

The first step for businesses looking to
embark on a data science project is to identify the business need that it will
address. From there, the data comes into its own: organisations need to ask
whether they have the information needed to generate the insight they require
and meet that business need – and, if not, develop a plan to obtain it.

Data science in general offers a way for businesses to profit from the data
they hold in order to improve their processes and operations.

In the field of security, it is opening new
possibilities for organisations to query diverse datasets and use the
information they've gathered to block would-be attacks, investigate potential
threats, and automate security practices.


Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.